introduce-separate-database-schemas-hs-booking-and-hosting #106
@ -338,8 +338,8 @@ Now, the longest running queries are these:
|
|||||||
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
|
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
|
||||||
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
|
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
|
||||||
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
|
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
|
||||||
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
|
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hs_hosting.asset_TENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_hosting.asset_AGENT(NEW), hs_office.contact_ADMIN(newAlarmContact)], outgoingSubRoles => array[ hs_booking.item_TENANT(newBookingItem), hs_hosting.asset_TENANT(newParentAsset)] ) |
|
||||||
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
|
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hs_hosting.asset_ADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_booking.item_AGENT(newBookingItem), hs_hosting.asset_AGENT(newParentAsset), hs_hosting.asset_OWNER(NEW)] ) |
|
||||||
|
|
||||||
That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
|
That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
|
||||||
|
|
||||||
|
@ -105,7 +105,6 @@ begin
|
|||||||
end; $f$;
|
end; $f$;
|
||||||
|
|
||||||
$sql$, targetTable);
|
$sql$, targetTable);
|
||||||
raise exception 'generated-SQL: %', sql;
|
|
||||||
execute sql;
|
execute sql;
|
||||||
end; $$;
|
end; $$;
|
||||||
--//
|
--//
|
||||||
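Review bot: `execute sql` runs a statement assembled by `format(..., targetTable)`, and the placeholder used for `targetTable` sits above the hunk, so its quoting cannot be checked here. Table names in this commit are schema-qualified (for example `'hs_office.relation'`), and `%I` would quote such a dotted name as a single identifier, which tends to push code like this towards `%s`. If that is the case here, either add a comment that `targetTable` must only ever come from migration scripts, or pass schema and table separately and quote each with `%I`. The enclosing function starts outside the hunk.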
|
@ -35,22 +35,22 @@ begin
|
|||||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testCustomerOWNER(NEW),
|
rbactest.customer_OWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())],
|
incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testCustomerADMIN(NEW),
|
rbactest.customer_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[testCustomerOWNER(NEW)]
|
incomingSuperRoles => array[rbactest.customer_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testCustomerTENANT(NEW),
|
rbactest.customer_TENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[testCustomerADMIN(NEW)]
|
incomingSuperRoles => array[rbactest.customer_ADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
|
@ -41,8 +41,8 @@ begin
|
|||||||
select * into newCust
|
select * into newCust
|
||||||
from rbactest.customer where reference=custReference;
|
from rbactest.customer where reference=custReference;
|
||||||
call rbac.grantRoleToSubject(
|
call rbac.grantRoleToSubject(
|
||||||
rbac.getRoleId(testCustomerOwner(newCust)),
|
rbac.getRoleId(rbactest.customer_OWNER(newCust)),
|
||||||
rbac.getRoleId(testCustomerAdmin(newCust)),
|
rbac.getRoleId(rbactest.customer_ADMIN(newCust)),
|
||||||
custAdminUuid,
|
custAdminUuid,
|
||||||
true);
|
true);
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -40,21 +40,21 @@ begin
|
|||||||
|
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testPackageOWNER(NEW),
|
rbactest.package_OWNER(NEW),
|
||||||
permissions => array['DELETE', 'UPDATE'],
|
permissions => array['DELETE', 'UPDATE'],
|
||||||
incomingSuperRoles => array[testCustomerADMIN(newCustomer)]
|
incomingSuperRoles => array[rbactest.customer_ADMIN(newCustomer)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testPackageADMIN(NEW),
|
rbactest.package_ADMIN(NEW),
|
||||||
incomingSuperRoles => array[testPackageOWNER(NEW)]
|
incomingSuperRoles => array[rbactest.package_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testPackageTENANT(NEW),
|
rbactest.package_TENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[testPackageADMIN(NEW)],
|
incomingSuperRoles => array[rbactest.package_ADMIN(NEW)],
|
||||||
outgoingSubRoles => array[testCustomerTENANT(newCustomer)]
|
outgoingSubRoles => array[rbactest.customer_TENANT(newCustomer)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
@ -110,11 +110,11 @@ begin
|
|||||||
|
|
||||||
if NEW.customerUuid <> OLD.customerUuid then
|
if NEW.customerUuid <> OLD.customerUuid then
|
||||||
|
|
||||||
call rbac.revokeRoleFromRole(testPackageOWNER(OLD), testCustomerADMIN(oldCustomer));
|
call rbac.revokeRoleFromRole(rbactest.package_OWNER(OLD), rbactest.customer_ADMIN(oldCustomer));
|
||||||
call rbac.grantRoleToRole(testPackageOWNER(NEW), testCustomerADMIN(newCustomer));
|
call rbac.grantRoleToRole(rbactest.package_OWNER(NEW), rbactest.customer_ADMIN(newCustomer));
|
||||||
|
|
||||||
call rbac.revokeRoleFromRole(testCustomerTENANT(oldCustomer), testPackageTENANT(OLD));
|
call rbac.revokeRoleFromRole(rbactest.customer_TENANT(oldCustomer), rbactest.package_TENANT(OLD));
|
||||||
call rbac.grantRoleToRole(testCustomerTENANT(newCustomer), testPackageTENANT(NEW));
|
call rbac.grantRoleToRole(rbactest.customer_TENANT(newCustomer), rbactest.package_TENANT(NEW));
|
||||||
|
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
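Review bot: The guard `if NEW.customerUuid <> OLD.customerUuid then` yields NULL rather than true when either side is NULL, so the revoke/grant pairs under it are skipped and the old customer's ADMIN and TENANT links to the package would stay in place. If the column can be NULL (its definition is not visible here), `if NEW.customerUuid is distinct from OLD.customerUuid then` covers that case. The same pattern guards the re-grant blocks in the later hunks at `NEW.packageUuid <> OLD.packageUuid` and `NEW.partnerRelUuid <> OLD.partnerRelUuid`. The trigger function begins and ends outside the hunk.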
@ -161,7 +161,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'),
|
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'),
|
||||||
testCustomerADMIN(row));
|
rbactest.customer_ADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
@ -177,7 +177,7 @@ begin
|
|||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'),
|
||||||
testCustomerADMIN(NEW));
|
rbactest.customer_ADMIN(NEW));
|
||||||
-- end.
|
-- end.
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -30,8 +30,8 @@ begin
|
|||||||
returning * into pac;
|
returning * into pac;
|
||||||
|
|
||||||
call rbac.grantRoleToSubject(
|
call rbac.grantRoleToSubject(
|
||||||
rbac.getRoleId(testCustomerAdmin(cust)),
|
rbac.getRoleId(rbactest.customer_ADMIN(cust)),
|
||||||
rbac.findRoleId(testPackageAdmin(pac)),
|
rbac.findRoleId(rbactest.package_ADMIN(pac)),
|
||||||
rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'),
|
rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'),
|
||||||
true);
|
true);
|
||||||
|
|
||||||
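Review bot: The two role arguments of `rbac.grantRoleToSubject` are resolved in different ways, `rbac.getRoleId(...)` for the customer admin role and `rbac.findRoleId(...)` for the package admin role. If `findRoleId` returns NULL for a missing role, as its name suggests, the grant would be attempted with a NULL role id instead of failing at the lookup. Using `rbac.getRoleId(rbactest.package_ADMIN(pac))` here as well would keep the failure mode consistent; otherwise a short comment should say why the lenient lookup is wanted.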
|
@ -40,17 +40,17 @@ begin
|
|||||||
|
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testDomainOWNER(NEW),
|
rbactest.domain_OWNER(NEW),
|
||||||
permissions => array['DELETE', 'UPDATE'],
|
permissions => array['DELETE', 'UPDATE'],
|
||||||
incomingSuperRoles => array[testPackageADMIN(newPackage)],
|
incomingSuperRoles => array[rbactest.package_ADMIN(newPackage)],
|
||||||
outgoingSubRoles => array[testPackageTENANT(newPackage)]
|
outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testDomainADMIN(NEW),
|
rbactest.domain_ADMIN(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[testDomainOWNER(NEW)],
|
incomingSuperRoles => array[rbactest.domain_OWNER(NEW)],
|
||||||
outgoingSubRoles => array[testPackageTENANT(newPackage)]
|
outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
@ -106,14 +106,14 @@ begin
|
|||||||
|
|
||||||
if NEW.packageUuid <> OLD.packageUuid then
|
if NEW.packageUuid <> OLD.packageUuid then
|
||||||
|
|
||||||
call rbac.revokeRoleFromRole(testDomainOWNER(OLD), testPackageADMIN(oldPackage));
|
call rbac.revokeRoleFromRole(rbactest.domain_OWNER(OLD), rbactest.package_ADMIN(oldPackage));
|
||||||
call rbac.grantRoleToRole(testDomainOWNER(NEW), testPackageADMIN(newPackage));
|
call rbac.grantRoleToRole(rbactest.domain_OWNER(NEW), rbactest.package_ADMIN(newPackage));
|
||||||
|
|
||||||
call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainOWNER(OLD));
|
call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_OWNER(OLD));
|
||||||
call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainOWNER(NEW));
|
call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_OWNER(NEW));
|
||||||
|
|
||||||
call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainADMIN(OLD));
|
call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_ADMIN(OLD));
|
||||||
call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainADMIN(NEW));
|
call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_ADMIN(NEW));
|
||||||
|
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
@ -160,7 +160,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'),
|
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'),
|
||||||
testPackageADMIN(row));
|
rbactest.package_ADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
@ -176,7 +176,7 @@ begin
|
|||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'),
|
||||||
testPackageADMIN(NEW));
|
rbactest.package_ADMIN(NEW));
|
||||||
-- end.
|
-- end.
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -35,22 +35,22 @@ begin
|
|||||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeContactOWNER(NEW),
|
hs_office.contact_OWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeContactADMIN(NEW),
|
hs_office.contact_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficeContactOWNER(NEW)]
|
incomingSuperRoles => array[hs_office.contact_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeContactREFERRER(NEW),
|
hs_office.contact_REFERRER(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsOfficeContactADMIN(NEW)]
|
incomingSuperRoles => array[hs_office.contact_ADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
|
@ -35,22 +35,22 @@ begin
|
|||||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficePersonOWNER(NEW),
|
hs_office.person_OWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficePersonADMIN(NEW),
|
hs_office.person_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficePersonOWNER(NEW)]
|
incomingSuperRoles => array[hs_office.person_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficePersonREFERRER(NEW),
|
hs_office.person_REFERRER(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsOfficePersonADMIN(NEW)]
|
incomingSuperRoles => array[hs_office.person_ADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
|
@ -48,42 +48,42 @@ begin
|
|||||||
|
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeRelationOWNER(NEW),
|
hs_office.relation_OWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeRelationADMIN(NEW),
|
hs_office.relation_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
|
incomingSuperRoles => array[hs_office.relation_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeRelationAGENT(NEW),
|
hs_office.relation_AGENT(NEW),
|
||||||
incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
|
incomingSuperRoles => array[hs_office.relation_ADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeRelationTENANT(NEW),
|
hs_office.relation_TENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsOfficeContactADMIN(newContact),
|
hs_office.contact_ADMIN(newContact),
|
||||||
hsOfficeRelationAGENT(NEW)],
|
hs_office.relation_AGENT(NEW)],
|
||||||
outgoingSubRoles => array[
|
outgoingSubRoles => array[
|
||||||
hsOfficeContactREFERRER(newContact),
|
hs_office.contact_REFERRER(newContact),
|
||||||
hsOfficePersonREFERRER(newAnchorPerson),
|
hs_office.person_REFERRER(newAnchorPerson),
|
||||||
hsOfficePersonREFERRER(newHolderPerson)]
|
hs_office.person_REFERRER(newHolderPerson)]
|
||||||
);
|
);
|
||||||
|
|
||||||
IF NEW.type = 'REPRESENTATIVE' THEN
|
IF NEW.type = 'REPRESENTATIVE' THEN
|
||||||
call rbac.grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW));
|
call rbac.grantRoleToRole(hs_office.person_OWNER(newAnchorPerson), hs_office.relation_ADMIN(NEW));
|
||||||
call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newAnchorPerson));
|
||||||
call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson));
|
call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newHolderPerson));
|
||||||
ELSE
|
ELSE
|
||||||
call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newHolderPerson));
|
||||||
call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newAnchorPerson));
|
||||||
END IF;
|
END IF;
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
@ -170,7 +170,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
|
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
|
||||||
hsOfficePersonADMIN(row));
|
hs_office.person_ADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
@ -186,7 +186,7 @@ begin
|
|||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
|
||||||
hsOfficePersonADMIN(NEW));
|
hs_office.person_ADMIN(NEW));
|
||||||
-- end.
|
-- end.
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -42,12 +42,12 @@ begin
|
|||||||
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
||||||
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
|
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
|
||||||
|
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
end; $$;
|
end; $$;
|
||||||
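Review bot: The null check on `newPartnerDetails` is an `assert`, which PL/pgSQL skips entirely when `plpgsql.check_asserts` is off, so in such a configuration the three grants on `newPartnerDetails.uuid` would be built from a NULL object uuid. For a check that guards RBAC grants, an unconditional form is safer: `if newPartnerDetails.uuid is null then raise exception 'newPartnerDetails must not be null for NEW.detailsUuid = %', NEW.detailsUuid; end if;`. Whether `newPartnerRel` gets an equivalent check cannot be seen, because the function begins above the hunk.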
@ -110,23 +110,23 @@ begin
|
|||||||
|
|
||||||
if NEW.partnerRelUuid <> OLD.partnerRelUuid then
|
if NEW.partnerRelUuid <> OLD.partnerRelUuid then
|
||||||
|
|
||||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
|
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
|
||||||
|
|
||||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel));
|
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hs_office.relation_ADMIN(oldPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
|
||||||
|
|
||||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel));
|
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hs_office.relation_TENANT(oldPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
|
||||||
|
|
||||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
|
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
|
||||||
|
|
||||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel));
|
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(oldPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
|
||||||
|
|
||||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel));
|
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(oldPartnerRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
|
||||||
|
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
|
@ -35,22 +35,22 @@ begin
|
|||||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeBankAccountOWNER(NEW),
|
hs_office.bankaccount_OWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeBankAccountADMIN(NEW),
|
hs_office.bankaccount_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
|
incomingSuperRoles => array[hs_office.bankaccount_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeBankAccountREFERRER(NEW),
|
hs_office.bankaccount_REFERRER(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
|
incomingSuperRoles => array[hs_office.bankaccount_ADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
|
@ -51,15 +51,15 @@ begin
|
|||||||
|
|
||||||
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
|
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
|
||||||
|
|
||||||
call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel));
|
call rbac.grantRoleToRole(hs_office.bankaccount_REFERRER(newRefundBankAccount), hs_office.relation_AGENT(newDebitorRel));
|
||||||
call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel));
|
call rbac.grantRoleToRole(hs_office.relation_ADMIN(newDebitorRel), hs_office.relation_ADMIN(newPartnerRel));
|
||||||
call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeBankAccountADMIN(newRefundBankAccount));
|
call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.bankaccount_ADMIN(newRefundBankAccount));
|
||||||
call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel));
|
call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.relation_AGENT(newPartnerRel));
|
||||||
call rbac.grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel));
|
call rbac.grantRoleToRole(hs_office.relation_TENANT(newPartnerRel), hs_office.relation_AGENT(newDebitorRel));
|
||||||
|
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newDebitorRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newDebitorRel));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newDebitorRel));
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
end; $$;
|
end; $$;
|
||||||
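Review bot: `newRefundBankAccount` is passed to two `rbac.grantRoleToRole` calls directly after the `SELECT ... INTO`, with no visible check that a row was found. If `NEW.refundBankAccountUuid` is NULL or matches nothing, the record is all NULL and the bank account role descriptors are built from a NULL uuid; how `rbac.grantRoleToRole` treats that is not visible here. Wrapping the two calls in `if newRefundBankAccount.uuid is not null then ... end if;`, or raising when a uuid was given but not found, would make the intended behaviour explicit. The function begins above the hunk.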
|
@ -48,34 +48,34 @@ begin
|
|||||||
|
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeSepaMandateOWNER(NEW),
|
hs_office.sepamandate_OWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeSepaMandateADMIN(NEW),
|
hs_office.sepamandate_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)]
|
incomingSuperRoles => array[hs_office.sepamandate_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeSepaMandateAGENT(NEW),
|
hs_office.sepamandate_AGENT(NEW),
|
||||||
incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)],
|
incomingSuperRoles => array[hs_office.sepamandate_ADMIN(NEW)],
|
||||||
outgoingSubRoles => array[
|
outgoingSubRoles => array[
|
||||||
hsOfficeBankAccountREFERRER(newBankAccount),
|
hs_office.bankaccount_REFERRER(newBankAccount),
|
||||||
hsOfficeRelationAGENT(newDebitorRel)]
|
hs_office.relation_AGENT(newDebitorRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeSepaMandateREFERRER(NEW),
|
hs_office.sepamandate_REFERRER(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsOfficeBankAccountADMIN(newBankAccount),
|
hs_office.bankaccount_ADMIN(newBankAccount),
|
||||||
hsOfficeRelationAGENT(newDebitorRel),
|
hs_office.relation_AGENT(newDebitorRel),
|
||||||
hsOfficeSepaMandateAGENT(NEW)],
|
hs_office.sepamandate_AGENT(NEW)],
|
||||||
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
|
outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
@ -121,7 +121,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
|
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
|
||||||
hsOfficeRelationADMIN(row));
|
hs_office.relation_ADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
@ -137,7 +137,7 @@ begin
|
|||||||
if NEW.type = 'DEBITOR' then
|
if NEW.type = 'DEBITOR' then
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
|
||||||
hsOfficeRelationADMIN(NEW));
|
hs_office.relation_ADMIN(NEW));
|
||||||
end if;
|
end if;
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -44,25 +44,25 @@ begin
|
|||||||
|
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeMembershipOWNER(NEW),
|
hs_office.membership_OWNER(NEW),
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeMembershipADMIN(NEW),
|
hs_office.membership_ADMIN(NEW),
|
||||||
permissions => array['DELETE', 'UPDATE'],
|
permissions => array['DELETE', 'UPDATE'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsOfficeMembershipOWNER(NEW),
|
hs_office.membership_OWNER(NEW),
|
||||||
hsOfficeRelationADMIN(newPartnerRel)]
|
hs_office.relation_ADMIN(newPartnerRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeMembershipAGENT(NEW),
|
hs_office.membership_AGENT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsOfficeMembershipADMIN(NEW),
|
hs_office.membership_ADMIN(NEW),
|
||||||
hsOfficeRelationAGENT(newPartnerRel)],
|
hs_office.relation_AGENT(newPartnerRel)],
|
||||||
outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)]
|
outgoingSubRoles => array[hs_office.relation_TENANT(newPartnerRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
|
@ -38,8 +38,8 @@ begin
|
|||||||
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||||
|
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -84,7 +84,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
|
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
|
||||||
hsOfficeMembershipADMIN(row));
|
hs_office.membership_ADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
@ -100,7 +100,7 @@ begin
|
|||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
|
||||||
hsOfficeMembershipADMIN(NEW));
|
hs_office.membership_ADMIN(NEW));
|
||||||
-- end.
|
-- end.
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
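Review bot: The null check guarding the two grants in the first hunk of this section is a PL/pgSQL `assert`, which is skipped when `plpgsql.check_asserts` is turned off, so `hs_office.membership_AGENT(newMembership)` and `hs_office.membership_ADMIN(newMembership)` could then be evaluated with an empty record. These lines decide which roles receive SELECT and UPDATE on the new row, so an unconditional check is safer: `if newMembership.uuid is null then raise exception 'newMembership must not be null for NEW.membershipUuid = %', NEW.membershipUuid; end if;`. How the role-descriptor functions treat a null row is not visible here, so the actual impact needs confirming. The same assert-then-grant pattern appears in the next file section (the trigger handling `hs_office.coopassetstransaction`), and the enclosing function starts outside the hunk.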
|
||||||
|
@ -38,8 +38,8 @@ begin
|
|||||||
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||||
|
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
|
||||||
|
|
||||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -84,7 +84,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
|
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
|
||||||
hsOfficeMembershipADMIN(row));
|
hs_office.membership_ADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
@ -100,7 +100,7 @@ begin
|
|||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
|
||||||
hsOfficeMembershipADMIN(NEW));
|
hs_office.membership_ADMIN(NEW));
|
||||||
-- end.
|
-- end.
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -48,26 +48,26 @@ begin
|
|||||||
|
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingProjectOWNER(NEW),
|
hs_booking.project_OWNER(NEW),
|
||||||
incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, rbac.unassumed())]
|
incomingSuperRoles => array[hs_office.relation_AGENT(newDebitorRel, rbac.unassumed())]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingProjectADMIN(NEW),
|
hs_booking.project_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsBookingProjectOWNER(NEW)]
|
incomingSuperRoles => array[hs_booking.project_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingProjectAGENT(NEW),
|
hs_booking.project_AGENT(NEW),
|
||||||
incomingSuperRoles => array[hsBookingProjectADMIN(NEW)]
|
incomingSuperRoles => array[hs_booking.project_ADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingProjectTENANT(NEW),
|
hs_booking.project_TENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsBookingProjectAGENT(NEW)],
|
incomingSuperRoles => array[hs_booking.project_AGENT(NEW)],
|
||||||
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
|
outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
|
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
|
||||||
@ -115,7 +115,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.project'),
|
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.project'),
|
||||||
hsOfficeRelationADMIN(row));
|
hs_office.relation_ADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
@ -131,7 +131,7 @@ begin
|
|||||||
if NEW.type = 'DEBITOR' then
|
if NEW.type = 'DEBITOR' then
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.project'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.project'),
|
||||||
hsOfficeRelationADMIN(NEW));
|
hs_office.relation_ADMIN(NEW));
|
||||||
end if;
|
end if;
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
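Review bot: The first hunk of this section still calls `rbac.globalAdmin()` while other sections of the same change call `rbac.globalADMIN(...)`, and the renamed descriptors use mixed case such as `hs_booking.project_OWNER`. PostgreSQL folds unquoted identifiers to lower case, so these all resolve, but the two spellings of the same function make searching and reviewing the grant graph harder. Since this commit is already normalising names, it would be a good place to settle on one spelling, for example `rbac.globalADMIN()` on the DELETE grant line. The enclosing trigger function begins and ends outside the hunk.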
|
||||||
|
@ -41,30 +41,30 @@ begin
|
|||||||
SELECT * FROM hs_booking.item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
SELECT * FROM hs_booking.item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemOWNER(NEW),
|
hs_booking.item_OWNER(NEW),
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsBookingItemAGENT(newParentItem),
|
hs_booking.item_AGENT(newParentItem),
|
||||||
hsBookingProjectAGENT(newProject)]
|
hs_booking.project_AGENT(newProject)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemADMIN(NEW),
|
hs_booking.item_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
|
incomingSuperRoles => array[hs_booking.item_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemAGENT(NEW),
|
hs_booking.item_AGENT(NEW),
|
||||||
incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
|
incomingSuperRoles => array[hs_booking.item_ADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemTENANT(NEW),
|
hs_booking.item_TENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
|
incomingSuperRoles => array[hs_booking.item_AGENT(NEW)],
|
||||||
outgoingSubRoles => array[
|
outgoingSubRoles => array[
|
||||||
hsBookingItemTENANT(newParentItem),
|
hs_booking.item_TENANT(newParentItem),
|
||||||
hsBookingProjectTENANT(newProject)]
|
hs_booking.project_TENANT(newProject)]
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
||||||
@ -157,7 +157,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'),
|
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'),
|
||||||
hsBookingProjectADMIN(row));
|
hs_booking.project_ADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
@ -173,7 +173,7 @@ begin
|
|||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
|
||||||
hsBookingProjectADMIN(NEW));
|
hs_booking.project_ADMIN(NEW));
|
||||||
-- end.
|
-- end.
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -200,7 +200,7 @@ begin
|
|||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
call rbac.grantPermissionToRole(
|
call rbac.grantPermissionToRole(
|
||||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
|
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
|
||||||
hsBookingItemADMIN(NEW));
|
hs_booking.item_ADMIN(NEW));
|
||||||
-- end.
|
-- end.
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -47,43 +47,43 @@ begin
|
|||||||
SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsHostingAssetOWNER(NEW),
|
hs_hosting.asset_OWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsBookingItemADMIN(newBookingItem),
|
hs_booking.item_ADMIN(newBookingItem),
|
||||||
hsHostingAssetADMIN(newParentAsset),
|
hs_hosting.asset_ADMIN(newParentAsset),
|
||||||
rbac.globalADMIN(rbac.unassumed())],
|
rbac.globalADMIN(rbac.unassumed())],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsHostingAssetADMIN(NEW),
|
hs_hosting.asset_ADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsBookingItemAGENT(newBookingItem),
|
hs_booking.item_AGENT(newBookingItem),
|
||||||
hsHostingAssetAGENT(newParentAsset),
|
hs_hosting.asset_AGENT(newParentAsset),
|
||||||
hsHostingAssetOWNER(NEW)]
|
hs_hosting.asset_OWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsHostingAssetAGENT(NEW),
|
hs_hosting.asset_AGENT(NEW),
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsHostingAssetADMIN(NEW),
|
hs_hosting.asset_ADMIN(NEW),
|
||||||
hsHostingAssetAGENT(newAssignedToAsset)],
|
hs_hosting.asset_AGENT(newAssignedToAsset)],
|
||||||
outgoingSubRoles => array[
|
outgoingSubRoles => array[
|
||||||
hsHostingAssetTENANT(newAssignedToAsset),
|
hs_hosting.asset_TENANT(newAssignedToAsset),
|
||||||
hsOfficeContactREFERRER(newAlarmContact)]
|
hs_office.contact_REFERRER(newAlarmContact)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform rbac.defineRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsHostingAssetTENANT(NEW),
|
hs_hosting.asset_TENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsHostingAssetAGENT(NEW),
|
hs_hosting.asset_AGENT(NEW),
|
||||||
hsOfficeContactADMIN(newAlarmContact)],
|
hs_office.contact_ADMIN(newAlarmContact)],
|
||||||
outgoingSubRoles => array[
|
outgoingSubRoles => array[
|
||||||
hsBookingItemTENANT(newBookingItem),
|
hs_booking.item_TENANT(newBookingItem),
|
||||||
hsHostingAssetTENANT(newParentAsset)]
|
hs_hosting.asset_TENANT(newParentAsset)]
|
||||||
);
|
);
|
||||||
|
|
||||||
IF NEW.type = 'DOMAIN_SETUP' THEN
|
IF NEW.type = 'DOMAIN_SETUP' THEN
|
||||||
|
@ -7,7 +7,7 @@ spring:
|
|||||||
url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
|
url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
|
||||||
url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
|
url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
|
||||||
url-local: jdbc:postgresql://localhost:5432/postgres
|
url-local: jdbc:postgresql://localhost:5432/postgres
|
||||||
url: ${spring.datasource.url-local}
|
url: ${spring.datasource.url-tc}
|
||||||
username: postgres
|
username: postgres
|
||||||
password: password
|
password: password
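Review bot: The default `url` now resolves to `${spring.datasource.url-tc}` instead of `url-local`, which is unrelated to the schema rename and is not explained anywhere in the hunk. If the switch is intentional, a comment above the `url:` line would record why, e.g. `# default: disposable Testcontainers PostgreSQL; use url-local for a locally running instance`. The literal `username: postgres` / `password: password` below it are acceptable for a throwaway container but are weak defaults if `url-local` is selected again. It is therefore worth confirming that this file is loaded only by tests; its path is not visible in this view and the `spring:` block continues outside the hunk.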
|
||||||
|
|
||||||
|